Arduino RFID spoofer

An Arduino, a spent roll of toilet paper, magnet wire, and a few passive components are what’s needed to build this RFID spoofer. It’s quick, dirty, and best of all, simple. However, [SketchSk3tch’s] creation is not an RFID cloner. You must already know the hex code of the tag you want to spoof. That may or may not be as easy as using a separate tag reader.

We’ve seen some very simple RFID tag concepts. What we want is a DIY reader that is easy to build from cheap and readily available components. If you’ve got one, make with the details and tip us off about it.


34 thoughts on “Arduino RFID spoofer”

You can get a functional, assembled RFID reader from Parallax for $40. You would need a uC capable of generating the 125 KHz while simultaneously monitoring the power going into the LC antenna circuit and decoding any changes that would indicate the presence of a second tuned or detuned circuit drawing power off it. It’s quite a bit more complicated than emulating the card, which was designed to be simple and dirt cheap and not really worth the effort when a turnkey solution is available.

This card hack is kind of cool mainly because there is no pretense of it being practical, and you could theoretically use it to clone a card, which with the read only cards is generally assumed to be impossible.

I’m not proficient with RFID as in, I’ve never done any work with them personally, but I understand their basic function and use. But would it be possible to brute force copies of “read only” cards? Obviously this would be a slow and tedious process, much like any form of brute force hack. But, just to enlighten me, the idea of brute force hacking RFID is still a “possibility”, correct? Would a “rainbow table-esque” be a “feasible” project? I have zero intention, but, as any hacker, I’m just trying to broaden my knowledge.

@skinner
you don’t have any hash of the ID that the reader is waiting for, so rainbow tables won’t work.
basic RFID tags usually have at least a 32-bit ID, so there are 2^32 combinations, so even if you were trying passwords one after another it would take a lot of time
If I am not wrong it would be in the order of 10^7 years :P http://www.wolframalpha.com/input/?i=%28%28125*1000%2F8%29*32%29*%282^32%29%2F3600%2F24%2F365

Nothing about 13.56MHz cards?
they have more features (internal memory, password protection, sectors, anti-collision).
I’m trying to interface my Arduino to a serial reader, but I’m also interested in making a spoofer..

@skinner
As klulukasz said there are a ton of possible combinations and it would take a long time to go through them all. I’ve heard though that some companies buy a batch of cards that end up being sequential. If that’s the case, then if you can just read one card from a location, then you could work from there. In many cases if you have one working ID (the one you were able to read) you don’t need any more, but in other cases different cards give access to different locations. So, if your ID doesn’t work for a door, you could try several IDs around the one you’re using.

@Lorenzo
I’m not sure an Arduino is fast enough to emulate a 13.56MHz card (it’s about 100 times faster). I’m curious if this could be done with a Maple (Arduino clone using an ARM processor) or with a Butterly Uno (FPGA that you can program using the Arduino stuff). I’m guessing you could do something similar to the 125KHz one, I’m going to try it with my Maple and see how it goes.

I’d love to see a cheap DIY reader. The Propeller one is really cool. It would be awesome to combine that reader with this emulator. It would be even cooler if you could do the reading and emulation all on the Arduino, which I bet you can (I’m sure you could do it all on a Propeller).

By the way, you should be able to modify the sketch so you can also hook the Parallax reader up to it for reading (which would then effectively make it a cloner). There were a couple of reasons I didn’t do this. First, I wanted to keep the project really simple so others could build on it and add whatever they wanted. Second, the Parallax reader reads EM4100 tags. It does read a lot of tags, but I was hoping to figure out a more generic reader, because you should be able to clone more tags using it.

By the way, when I picked up my reader a couple of weeks ago it was on sale at Radio Shack, the marked price was $49.99 but when they rang it up it was only $29.99. It looks like it’s been removed from their website so I think they’re closing them out.

@ARDUINO!!!!!!!: you may hate the arduino, but posting so in a way irrelevant to the topic is trolling. This project is not featured because it’s an arduino, it’s because it can spoof RFID codes for surprisingly cheap.
On a more relevant note, would this work for other values of caps?

//Pin to connect to the circuit
//Setting the pin LOW will tune the coil
//meaning it will respond as a high signal to the reader
//Setting the pin to HIGH will detune coil
//meaning the reader will see it as a low signal
int coil_pin = 9;

void setup()
{
  //The pin has to be an output before it can switch the coil
  pinMode(coil_pin, OUTPUT);
}

//Drive the coil for one Manchester-encoded half-bit
//if it's 1, set the pin LOW (this will tune the antenna and the reader sees this as a high signal)
//if it's 0, set the pin to HIGH (this will detune the antenna and the reader sees this as a low signal)
void set_coil(int man_encoded)
{
  if(man_encoded == 1)
  {
    digitalWrite(coil_pin, LOW);
  }
  else
  {
    digitalWrite(coil_pin, HIGH);
  }
}
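The sketch above only switches the coil per Manchester half-bit; the reader on the other side has to turn that stream back into bits, find the frame, and check the parity bits before it trusts the ID. As an added example (not code from the post, from SketchSk3tch's sketch, or from any reader vendor), here is that reader-side logic in Python for the EM4100 format mentioned earlier in the thread. It assumes the standard 64-bit EM4100 layout (9-bit header of ones, ten rows of 4 data bits plus an even row-parity bit, 4 column-parity bits, a 0 stop bit) and one Manchester polarity convention (1 sent as high-then-low); the tag ID and the half-bit stream are constructed inside the file so it runs offline.

```python
# EM4100 reader-side decoder: Manchester half-bits -> 64-bit frame -> checked tag ID.
# Added example; not code from the post or from the rfidFake sketch.
# Assumptions: standard EM4100 64-bit frame layout, Manchester polarity 1 -> (1, 0)
# and 0 -> (0, 1). The sample tag ID below is constructed, not a real tag.

HEADER = [1] * 9  # nine leading ones mark the start of an EM4100 frame


def manchester_decode(half_bits):
    """Collapse two coil states per bit into data bits; None on a bad pair."""
    if len(half_bits) % 2:
        return None
    bits = []
    for first, second in zip(half_bits[0::2], half_bits[1::2]):
        if (first, second) == (1, 0):
            bits.append(1)
        elif (first, second) == (0, 1):
            bits.append(0)
        else:
            return None  # no mid-bit transition: noise or mis-aligned stream
    return bits


def parse_em4100(bits):
    """Find the header in a 64-bit frame (cyclically, since a reader starts sampling
    at an arbitrary point in the tag's loop) and verify row and column parity.
    Returns (ok, hex_id); hex_id is the 40-bit ID as 10 hex digits or None."""
    n = len(bits)
    if n != 64:
        return False, None
    for start in range(n):
        frame = [bits[(start + i) % n] for i in range(n)]
        if frame[:9] != HEADER or frame[63] != 0:  # header and stop bit
            continue
        rows = [frame[9 + 5 * r: 9 + 5 * r + 5] for r in range(10)]
        # each row carries 4 data bits + 1 even-parity bit, so the row XORs to 0
        if any(sum(row) % 2 for row in rows):
            continue
        data = [row[:4] for row in rows]
        col_parity = frame[59:63]
        # column parity is the XOR down each of the four data columns
        if any(sum(d[c] for d in data) % 2 != col_parity[c] for c in range(4)):
            continue
        nibbles = [int("".join(map(str, d)), 2) for d in data]
        return True, "".join(f"{x:X}" for x in nibbles)
    return False, None


def read_tag(half_bits):
    """Full reader path: demodulated half-bits in, checked tag ID (or None) out."""
    bits = manchester_decode(half_bits)
    if bits is None:
        return None
    ok, tag_id = parse_em4100(bits)
    return tag_id if ok else None


# --- constructed sample input (the inverse of the checks above) -----------------
def build_em4100_frame(hex_id):
    """Build the 64-bit frame for a 10-hex-digit ID; used here only for sample data."""
    frame = list(HEADER)
    cols = [0, 0, 0, 0]
    for ch in hex_id:
        nib = [(int(ch, 16) >> (3 - i)) & 1 for i in range(4)]
        frame += nib + [sum(nib) % 2]
        cols = [cols[i] ^ nib[i] for i in range(4)]
    return frame + cols + [0]


def manchester_encode(bits):
    out = []
    for b in bits:
        out += [1, 0] if b else [0, 1]
    return out


SAMPLE_ID = "0A1B2C3D4E"  # constructed sample, not a real tag
SAMPLE_STREAM = manchester_encode(build_em4100_frame(SAMPLE_ID))
# rotate by an even count to mimic a reader that started sampling mid-frame
ROTATED_STREAM = SAMPLE_STREAM[30:] + SAMPLE_STREAM[:30]

if __name__ == "__main__":
    print(read_tag(ROTATED_STREAM))  # -> 0A1B2C3D4E
```

The cyclic header search and the two parity checks are what make a reader tolerant of starting mid-loop while still rejecting a stream with a single flipped bit; a spoofer that gets the polarity or parity wrong simply never produces a valid read, which is why the sketch's comments are so careful about which pin state the reader sees as "high".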

@Ivan_k
You shouldn’t have to pay for the code, it’s the rfidFake.pde file on step 5. You should just be able to click on it and download it. It looks like you do have to create an account to download the code, but you can create a free one.

This is the first project I’ve posted on Instructables, I didn’t realize you had to set up an account to download the code. I’ll probably post the code on scribd or something so people can avoid doing that. Besides that, how do people feel about Instructables? I could set up my own site and put everything up there, but I’ve spent too much time over the last 10 years developing and maintaining websites to want to do that unless I have to.

Hi,
I bought a machine for my shop a while ago and they installed an RFID reader on it so it could tell when I had used up a couple liters of a chemical solution. Each container has an RFID tag. Without the tag on the container, the machine will not run. I have 20 liters of material I can’t use as the RFID tag is set to run out at 2 liters. Anyway, can I do something about this?

Are the tags removable? Do you see any way to register new tags? There has to be a way, then you could just buy a few for 50-85 cents. If that doesn’t work you could try http://www.clonemykey.com, they do many types of RFID tag cloning, not just keys.